<html>
<head>
<title>Get Password</title>
</head>
<body>
<?php
  if ($conn = @oci_connect("cscd494","R3tral435","//146.187.134.17:1542/oracle10g"))
  {   // Declare input variables.
  
	if (!isset($_GET['fname']) && !isset($_GET['lname']))
	{
		$fname = "Scott";
		$lname = "Croneberger";
	}
	else
	{
		$fname = $_GET['fname'];
		$lname = $_GET['lname'];
	}
	
	$query = "BEGIN 
				user_functions.get_password(:fname, :lname, :pass);
			  END;";
			  
	//Strip special characters
	$query = strip_special_characters($query);
    $s = oci_parse($conn,$query);

    oci_bind_by_name($s,':fname',$fname,20);
    oci_bind_by_name($s,':lname',$lname,20);
    oci_bind_by_name($s,':pass',$pass_hash,40);

    // Execute the PL/SQL statement.
    oci_execute($s);

	echo "Password: " . $pass_hash;
		
    oci_close($conn);
  }
  else
  {
    // Assign the OCI error and format double and single quotes.
    $errorMessage = oci_error();
    print htmlentities($errorMessage['message'])."<br />";
  }

  // Strip special characters, like carriage or line returns and tabs.
  function strip_special_characters($str)
  {
    $out = "";
    for ($i = 0;$i < strlen($str);$i++)
      if ((ord($str[$i]) != 9) && (ord($str[$i]) != 10) &&
          (ord($str[$i]) != 13))
        $out .= $str[$i];

    // Return character only strings.
    return $out;
  }
?>

<form action="get_pass.php" method="GET">
First Name: <input type="text" name="fname" id="fname" /><br/>
Last Name:  <input type="text" name="lname" id="lname" /><br/>
<input type="submit" value="Get Password" />
</form>

</body>
</html>
